View Container Details

A container is a running instance of an image. You create containers from an image each time you run the image on your application. You can create multiple containers from a single image, and you can make changes to those containers without affecting the image from which you created them.

When you perform a scan on your system using Nessus or Nessus Agent, Tenable.io Container Security identifies the images and containers in the system and analyzes the containers for risk.

Tenable.io Container Security then displays the containers by scan status and risk level in the Identified Containers widget on the Container Security dashboard based on the results of the most recent scan.

Note: Tenable.io Container Security imports and rescans your images at eight-hour intervals, beginning when you first import and scan the images.

Before you begin:

If Tenable.io Container Security has not yet scanned the source image used to create the container you want to analyze, use one of the following methods to import the image for scanning:

Pull an individual image from your repository and then push the image to Tenable.io Container Security.

Run a Nessus scan on the network where your containers run, selecting the Basic Network Scan template and providing your network authentication credentials. For more information about scan templates, see Scan and Policy Templates in the Nessus User Guide.

Note: Tenable.io Container Security imports data from Nessus to determine if there have ever been any changes made to files on the container. If Nessus detects file changes, Tenable recommends that you check your images and repositories and confirm that no one has accessed them without authorization.

Tip: Alternatively, you can run a Nessus Agent scan on the network where the container runs. For more information, see the Nessus Agent User Guide.

To view container details:

In the Container Security dashboard, find the Identified Containers widget. This widget categorizes your containers by risk and scan status.

Note: When you initiate an image import, Tenable.io Container Security immediately queues the image to be scanned. However, Tenable.io Container Security does not always complete the scan immediately. To prevent undetected vulnerabilities, Tenable recommends that you confirm any images marked as not scanned are imported for scanning. For information about how to import and scan images, see Get Started with Tenable.io Container Security.